Books in Information systems general

  • The Basics of Hacking and Penetration Testing

    • 3rd Edition
    • Thomas Wilhelm + 1 more
    • English
    The Basics of Hacking and Penetration Testing, Third Edition serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. The book teaches readers how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. It provides a simple and clear explanation of how to effectively utilize these tools, along with a four-step methodology for conducting a penetration test or hack, thus equipping readers with the know-how required to jump start their careers and gain a better understanding of offensive security. Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. This new edition includes six all-new chapters, and has been completely updated to the most current industry-standard tools, testing methodologies, and exploitable targets. New chapters on setting up a Pen Testing Lab and Hacking Careers have been added to expand and update the book. This is complemented by videos for in-class use.
  • Computational Frameworks

    Systems, Models and Applications
    • 1st Edition
    • Mamadou Kaba Traore
    • English
    Computational Frameworks: Systems, Models and Applications provides an overview of advanced perspectives that bridges the gap between frontline research and practical efforts. It is unique in showing the interdisciplinary nature of this area and the way in which it interacts with emerging technologies and techniques. As computational systems are a dominating part of daily lives and a required support for most of the engineering sciences, this book explores their usage (e.g. big data, high performance clusters, databases and information systems, integrated and embedded hardware/software components, smart devices, mobile and pervasive networks, cyber physical systems, etc.).
  • Security Controls Evaluation, Testing, and Assessment Handbook

    • 1st Edition
    • Leighton Johnson
    • English
    Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place. Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems. Author Leighton Johnson shows you how to take FISMA, NIST Guidance, and DOD actions and provide a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all of the security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews. Each of these methods is discussed.
  • Breaking into Information Security

    Crafting a Custom Career Path to Get the Job You Really Want
    • 1st Edition
    • Josh More + 2 more
    • English
    Whether you want to break into information security, move from one job to another, or transition into management, Breaking into Information Security will help. No other book surveys all the different jobs available in the industry, frankly discusses the positives and negatives of each, and what you need to learn to get into and out of each role. Unlike books that focus on a specific skill set or on how to gain a certification or get a job, this book encompasses the "big picture," including why certifications, if any, are worthwhile for you. In a profession where new career paths aren’t always clear, Breaking into Information Security will teach you how to identify where you are in your career today, understand where you wish to go, and provide proven methods to get there. From entry-level jobs to the extremely specific skills needed to be an InfoSec consultant, this book covers it all, including in-job skill building, working within the community, and building your skills after hours. If you are seeking to advance in the highly competitive field of information security, this book will give you the edge you need to break in.
  • Building an Intelligence-Led Security Program

    • 1st Edition
    • Allan Liska
    • English
    As recently as five years ago, securing a network meant putting in a firewall, intrusion detection system, and installing antivirus software on the desktop. Unfortunately, attackers have grown more nimble and effective, meaning that traditional security programs are no longer effective. Today's effective cyber security programs take these best practices and overlay them with intelligence. Adding cyber threat intelligence can help security teams uncover events not detected by traditional security platforms and correlate seemingly disparate events across the network. Properly-implemented intelligence also makes the life of the security practitioner easier by helping him more effectively prioritize and respond to security incidents. The problem with current efforts is that many security practitioners don't know how to properly implement an intelligence-led program, or are afraid that it is out of their budget. Building an Intelligence-Led Security Program is the first book to show how to implement an intelligence-led program in your enterprise on any budget. It will show you how to implement a security information and event management system, collect and analyze logs, and how to practice real cyber threat intelligence. You'll learn how to understand your network in-depth so that you can protect it in the best possible way.
  • Predictive Analytics and Data Mining

    Concepts and Practice with RapidMiner
    • 1st Edition
    • Vijay Kotu + 1 more
    • English
    Put Predictive Analytics into Action. Learn the basics of Predictive Analysis and Data Mining through an easy to understand conceptual framework and immediately practice the concepts learned using the open source RapidMiner tool. Whether you are brand new to Data Mining or working on your tenth project, this book will show you how to analyze data, uncover hidden patterns and relationships to aid important decisions and predictions. Data Mining has become an essential tool for any enterprise that collects, stores and processes data as part of its operations. This book is ideal for business users, data analysts, business analysts, business intelligence and data warehousing professionals and for anyone who wants to learn Data Mining. You’ll be able to: 1. Gain the necessary knowledge of different data mining techniques, so that you can select the right technique for a given data problem and create a general purpose analytics process. 2. Get up and running fast with more than two dozen commonly used powerful algorithms for predictive analytics using practical use cases. 3. Implement a simple step-by-step process for predicting an outcome or discovering hidden relationships from the data using RapidMiner, an open source GUI based data mining tool. Predictive analytics and Data Mining techniques covered: Exploratory Data Analysis, Visualization, Decision trees, Rule induction, k-Nearest Neighbors, Naïve Bayesian, Artificial Neural Networks, Support Vector machines, Ensemble models, Bagging, Boosting, Random Forests, Linear regression, Logistic regression, Association analysis using Apriori and FP Growth, K-Means clustering, Density based clustering, Self Organizing Maps, Text Mining, Time series forecasting, Anomaly detection and Feature selection. Implementation files can be downloaded from the book companion site at www.LearnPredictiveA...
  • Cyber Reconnaissance, Surveillance and Defense

    • 1st Edition
    • Robert Shimonski
    • English
    At a time when online surveillance and cybercrime techniques are widespread, and are being used by governments, corporations, and individuals, Cyber Reconnaissance, Surveillance and Defense gives you a practical resource that explains how these activities are being carried out and shows how to defend against them. Expert author Rob Shimonski shows you how to carry out advanced IT surveillance and reconnaissance, describes when and how these techniques are used, and provides a full legal background for each threat. To help you understand how to defend against these attacks, this book describes many new and leading-edge surveillance, information-gatherin... and personal exploitation threats taking place today, including Web cam breaches, home privacy systems, physical and logical tracking, phone tracking, picture metadata, physical device tracking and geo-location, social media security, identity theft, social engineering, sniffing, and more.
  • Optimized Cloud Resource Management and Scheduling

    Theories and Practices
    • 1st Edition
    • Wenhong Dr. Tian + 1 more
    • English
    Optimized Cloud Resource Management and Scheduling identifies research directions and technologies that will facilitate efficient management and scheduling of computing resources in cloud data centers supporting scientific, industrial, business, and consumer applications. It serves as a valuable reference for systems architects, practitioners, developers, researchers and graduate level students.
  • Hacking and Penetration Testing with Low Power Devices

    • 1st Edition
    • Philip Polstra
    • English
    Hacking and Penetration Testing with Low Power Devices shows you how to perform penetration tests using small, low-powered devices that are easily hidden and may be battery-powered. It shows how to use an army of devices, costing less than you might spend on a laptop, from distances of a mile or more. Hacking and Penetration Testing with Low Power Devices shows how to use devices running a version of The Deck, a full-featured penetration testing and forensics Linux distribution, and can run for days or weeks on batteries due to their low power consumption. Author Philip Polstra shows how to use various configurations, including a device the size of a deck of cards that can easily be attached to the back of a computer. While each device running The Deck is a full-featured pen-testing platform, connecting systems together via 802.15.3 networking gives you even more power and flexibility. This reference teaches you how to construct and power these devices, install operating systems, and fill out your toolbox of small low-power devices with hundreds of tools and scripts from the book's companion website. Hacking and Pen Testing with Low Power Devices puts all these tools into your hands and will help keep you at the top of your game performing cutting-edge pen tests from anywhere in the world!
  • Building an Information Security Awareness Program

    Defending Against Social Engineering and Technical Threats
    • 1st Edition
    • Bill Gardner + 1 more
    • English
    The best defense against the increasing threat of social engineering attacks is Security Awareness Training to warn your organization's staff of the risk and educate them on how to protect your organization's data. Social engineering is not a new tactic, but Building an Information Security Awareness Program is the first book that shows you how to build a successful security awareness training program from the ground up. Building an Information Security Awareness Program provides you with a sound technical basis for developing a new training program. The book also tells you the best ways to garner management support for implementing the program. Author Bill Gardner is one of the founding members of the Security Awareness Training Framework. Here, he walks you through the process of developing an engaging and successful training program for your organization that will help you and your staff defend your systems, networks, mobile devices, and data. Forewords written by Dave Kennedy and Kevin Mitnick!
  • Decision Support Systems: Experiences and Expectations

    Proceedings of the IFIP TC8/WG 8.3 Working Conference on Decision Support Systems: Experiences and Expectations, Fontainebleau, France, 30 June - 3 July 1992
    • 1st Edition
    • Volume 9
    • T. Jelassi + 2 more
    • English
    This proceedings volume aims to consolidate current knowledge of research into the many fields of DSS, and to identify key issues which should be incorporated into the future research agenda. The main themes of this volume include: DSS for distributed decision processes, Embedding knowledge in DSS, and DSS and organizational change.
  • The Digital Technical Documentation Handbook

    • 1st Edition
    • Susan K. Schultz + 3 more
    • English
    The Digital Technical Documentation Handbook describes the process of developing and producing technical user information at Digital Equipment Corporation. * Discusses techniques for making user information more effective * Covers the draft and review process, the production and distribution of printed and electronic media, archiving, indexing, testing for usability, and many other topics * Provides quality assurance checklists, contains a glossary and a bibliography of resources for technical communicato...
  • Information System Development Process

    Proceedings of the IFIP WG8.1 Working Conference on Information System Development Process, Como, Italy, 1-3 September, 1993
    • 1st Edition
    • Volume 30
    • N. Prakash + 2 more
    • English
    This volume aims to pave the way to a greater understanding of the information system development process. Traditionally, information systems have been perceived as a slice of real world history. This has led to a strong emphasis on the development of conceptual models, the requirements specifications of which can readily be expressed. However, the route to such an expression, or the process of development, has not received any substantial attention. It is now agreed that a study of the development process affords notable benefits. Firstly, it helps to create an understanding of what a realistic development process is and how it proceeds from an initial specification to its acceptable representation. Secondly, the nature of guidance that can be provided by the next generation of CASE tools can be substantially improved. It can be expected that these tools will cease to be mere drafting aids and consistency checking programs. Instead it is likely that they will provide a procreative environment in which the development engineer will play an important role. This tool/user symbiosis should have a beneficial impact on both the productivity of the developer and on the quality of the product. In bringing together researchers and practitioners from such diverse areas as AI, Software Engineering, Decision Support and Information Systems, it is hoped this publication will take the quest to comprehend information system development processes a significant step forwards.
  • Museum Documentation Systems

    Developments and Applications
    • 1st Edition
    • Richard B. Light + 2 more
    • English
  • Systems Engineering in Public Administration

    Proceedings of the IFIP TC8/WG8.5 Working Conference on Systems Engineering in Public Administration, Luneburg, Germany, 3-5 March 1993
    • 1st Edition
    • Volume 36
    • H.E.G. Bonin
    • English
    The complexity of large systems in public administration progresses in terms of both quality and quantity year after year. Mastering complex systems is therefore assuming an increasing dominance in this area. Learning to master evolving systems needs at least a foundation in science and engineering know-how. The relationship between the professionals, such as system engineers viewing from the outside and the beneficiaries, such as public administration officials using the computer systems on the inside is therefore of prime importance if the many problems are to be solved. This book does not attempt to provide definitive answers but rather aims to give shape to our visions and ideas and to stimulate further discussion and research.
  • The Basics of Information Security

    Understanding the Fundamentals of InfoSec in Theory and Practice
    • 2nd Edition
    • Jason Andress
    • English
    As part of the Syngress Basics series, The Basics of Information Security provides you with fundamental knowledge of information security in both theoretical and practical aspects. Author Jason Andress gives you the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability, and then dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security. The Basics of Information Security gives you clear, non-technical explanations of how infosec works and how to apply these principles whether you're in the IT field or want to understand how it affects your career and business. The new Second Edition has been updated for the latest trends and threats, including new material on many infosec subjects.
  • Machine Takeover

    The Growing Threat to Human Freedom in a Computer-Controlled Society
    • 1st Edition
    • Frank George
    • English
    Machine Takeover: The Growing Threat to Human Freedom in a Computer-Controlled Society discusses the implications of technological advancement. The title identifies the changes in society that no one is aware of, along with what these changes entail. The text first covers information science, particularly the aspect of an automated system for information processing. Next, the selection deals with social implications of information science, such as information pollution. The text also tackles the concerns in the utilization of technology in order to manipulate the lives of people without their knowledge. In Part III, the title covers the science of cybernetics and artificial intelligence. The last part tackles the consequences of modern science. The book will be of great interest to readers who are concerned with the direction of contemporary science.
  • Systems Approach to Appropriate Technology Transfer

    Proceedings of the IFAC Symposium, Vienna, Austria, 21-23 March 1983
    • 1st Edition
    • P. Fleissner
    • English
    Systems Approach to Appropriate Technology Transfer is a collection of selected papers presented at the International Federation of Automatic Control (IFAC) Symposium, held in Vienna, Austria. The objective of the symposium is to analyze the transfer process of technologies by using the systems approach and gather insights that can be used for the enhancement of future transfer programs. The book is a rich presentation of articles and research papers from scientists and engineers from all over the world, and is composed of introductory, technical discussion, and round table discussion papers. The introductory papers give insights to the concepts of technology transfer, systems approach, and use of appropriate technologies. The technical discussions touch on technology transfer in selected fields, energy technologies, flexible manufacturing systems, information and communication, social and educational aspects, and case studies. The four round table discussions focus on the application of technologies to support small-scale enterprises and users’ participation; appropriate technology transfer on microelectronics; policies and strategies for appropriate technology transfer; and the impact of informatics on technology transfer. The text will appeal to computer scientists, engineers, policymakers, and students of information technology.
  • Children in the Information Age

    Opportunities for Creativity, Innovation and New Activities
    • 1st Edition
    • Blagovest Sendov + 1 more
    • English
    Children in the Information Age: Opportunities for Creativity, Innovation and New Activities contains selected papers from the Second International Conference and Exhibition "Children in the Information Age: Opportunities for Creativity, Innovation and New Activities," held in Sofia, Bulgaria, 19-23 May 1987. The contributions made by researchers at the conference covered topics such as the past, present, and future of school informatics in the USSR; the family computer boom and its implications for computer literacy; the new meanings of literacy related to new information and communication technologies; computer use in education; and literacy in the information age. Other papers dealt with computer-based training in India; knowledge based systems for use in pedagogical contexts; informatics competitions in Germany; the information age; information and communication technology in the French educational system; and the role of information technology in education in Australia. The final two chapters present the recommendations that emerged from the conference as well as the recommendations of the Working Meeting of Editors of Journals and Magazines on Informatics in Education.
  • Pragmatic Enterprise Architecture

    Strategies to Transform Information Systems in the Era of Big Data
    • 1st Edition
    • James Luisi
    • English
    Pragmatic Enterprise Architecture is a practical hands-on instruction manual for enterprise architects. This book prepares you to better engage IT, management, and business users by equipping you with the tools and knowledge you need to address the most common enterprise architecture challenges. You will come away with a pragmatic understanding of and approach to enterprise architecture and actionable ideas to transform your enterprise. Experienced enterprise architect James V. Luisi generously shares life cycle architectures, transaction path analysis frameworks, and more so you can save time, energy, and resources on your next big project. As an enterprise architect, you must have relatable frameworks and excellent communication skills to do your job. You must actively engage and support a large enterprise involving a hundred architectural disciplines with a modest number of subject matter experts across business, information systems, control systems, and operations architecture. They must achieve their mission using the influence of ideas and business benefits expressed in simple terms so that any audience can understand what to do and why. Pragmatic Enterprise Architecture gives you the tools to accomplish your goals in less time with fewer resources.
  • Object-Oriented Analysis and Design for Information Systems

    Agile Modeling with UML, OCL, and IFML
    • 1st Edition
    • Raul Sidnei Wazlawick
    • English
    Object-Oriented Analysis and Design for Information Systems clearly explains real object-oriented programming in practice. Expert author Raul Sidnei Wazlawick explains concepts such as object responsibility, visibility and the real need for delegation in detail. The object-oriented code generated by using these concepts in a systematic way is concise, organized and reusable. The patterns and solutions presented in this book are based on research and industrial applications. You will come away with clarity regarding processes and use cases and a clear understanding of how to expand a use case. Wazlawick clearly explains how to build meaningful sequence diagrams. Object-Oriented Analysis and Design for Information Systems illustrates how and why building a class model is not just placing classes into a diagram. You will learn the necessary organizational patterns so that your software architecture will be maintainable.
  • Platform Ecosystems

    Aligning Architecture, Governance, and Strategy
    • 1st Edition
    • Amrit Tiwana
    • English
    Platform Ecosystems is a hands-on guide that offers a complete roadmap for designing and orchestrating vibrant software platform ecosystems. Unlike software products that are managed, the evolution of ecosystems and their myriad participants must be orchestrated through a thoughtful alignment of architecture and governance. Whether you are an IT professional or a general manager, you will benefit from this book because platform strategy here lies at the intersection of software architecture and business strategy. It offers actionable tools to develop your own platform strategy, backed by original research, tangible metrics, rich data, and cases. You will learn how architectural choices create organically-evolvabl... vibrant ecosystems. You will also learn to apply state-of-the-art research in software engineering, strategy, and evolutionary biology to leverage ecosystem dynamics unique to platforms. Read this book to learn how to: evolve software products and services into vibrant platform ecosystems; orchestrate platform architecture and governance to sustain competitive advantage; govern platform evolution using a powerful 3-dimensional framework. If you’re ready to transform platform strategy from newspaper gossip and business school theory to real-world competitive advantage, start right here!
  • Introduction to Information Security

    A Strategic-Based Approach
    • 1st Edition
    • Timothy Shimeall + 1 more
    • English
    Most introductory texts provide a technology-based survey of methods and techniques that leaves the reader without a clear understanding of the interrelationships between methods and techniques. By providing a strategy-based introduction, the reader is given a clear understanding of how to provide overlapping defenses for critical information. This understanding provides a basis for engineering and risk-management decisions in the defense of information. Informat... security is a rapidly growing field, with a projected need for thousands of professionals within the next decade in the government sector alone. It is also a field that has changed in the last decade from a largely theory-based discipline to an experience-based discipline. This shift in the field has left several of the classic texts with a strongly dated feel.
  • Decision Support in Public Administration

    Proceedings of the IFIP TC8/WG8.3 Working Conference on Decision Support in Public Administration, Noordwijkerhout, The Netherlands, 13-14 May, 1993
    • 1st Edition
    • Volume 26
    • P.W.G. Bots + 2 more
    • English
    The vast flow of information to be considered by policy and decision makers in national and local governments is continuing to expand during the 1990s, whilst budgets for staff to process the information are being tightened. This publication provides a forum for the examination of the problem. It aims to focus the efforts of researchers and practitioners more effectively in applying information technology to increase the performance of decision makers in public administration despite the limited resources. Topics explored include the following: design considerations and approaches for, and practical experiences with, communication and information processing infrastructure and applications at the workplace level; the design and implementation of support systems for individual or group decision making in governmental and municipal settings; modelling and model management techniques, based on case reports of successful and unsuccessful modelling efforts; concepts, approaches and models for re-designing tasks and processes in public administration; issues and challenges in integrating the information systems of several governmental bodies. The book is divided into two parts for the discussion of these themes - the first section deals primarily with theoretical and conceptual issues; the second part contains papers with a stronger emphasis on systems, their functionality and experiences in their development and application. The authors' affiliations (17 organizations from 8 different countries) indicate the international nature of the contributions. The ideas put forward in their papers show that research into supporting decision making in public administration is well on its way but that the research area is vast, with yet many hills to scale.
  • Decision Support Systems: Issues and Challenges

    Proceedings of an International Task Force Meeting June 23-25, 1980
    • 1st Edition
    • Göran Fick + 1 more
    • English
    Decision Support Systems: Issues and Challenges covers the proceedings of the International Institute for Applied Systems Analysis (IIASA) International Task Force Meeting. The book reviews papers that tackle issues about decision support systems (DSS). Comprised of 17 chapters, the book organizes the chapters according to the topic of discussion, including framework, resource discipline, application experience, and issues for the future in DSS. The opening chapter is an introduction to the main topic of the book. Chapter 2 discusses frameworks for research on decision support systems, and Chapter 3 covers the decision support systems. The fourth chapter deals with organizational science contributions to the design of decision support systems, while the fifth chapter discusses using data bases for decision support. Chapter 6 tackles the overview of database technology in decision support systems, and Chapter 7 talks about doing and speaking in the office. The eighth chapter discusses a look back at an office of the future, while the ninth chapter covers the implications for research of installing a decision support system. Chapter 10 tackles the problems of design and implementation of computer-based decision support systems. Chapter 11 discusses an interactive modeling system for analysis of alternative decisions; Chapter 12 covers the structure of decision support systems. Chapters 13 to 15 review the group discussion during the conference about the issues for the future in DSS. This book will be of great interest to leaders, since it discusses the integration of technology in the interaction within an organization.
  • Job Reconnaissance

    Using Hacking Skills to Win the Job Hunt Game
    • 1st Edition
    • Josh More
    • English
    There is considerably more skill in the IT and security communities than is reflected in the jobs people are able to attain. Most people's limiting factor in their ability to get better jobs is not technical skills or even the soft skills necessary to do well in a new job. It is that getting a job is a completely different skill set and one that most people only practice every few years. Job Reconnaissance: Using Hacking Skills to Win the Job Hunt Game explains the job hunting process, why the most commonly followed models fail and how to better approach the search. It covers the entire job hunt process from when to decide to leave your current job, research new possible job opportunities, targeting your new boss, controlling the job interview process and negotiating your new compensation and the departure from your current job. This is not a complete all-in-one job-hunting book. This book assumes that the reader is reasonably competent and has already heard most of the "standard" advice, but is having difficulty putting the advice into practice. The goal is to fill in the gaps of the other books and to help the readers use their technical skills to their advantage in a different context. The emphasis in Job Reconnaissance is for infosec and IT job seekers to leverage the same skills they use in penetration testing and recon toward job-hunting success. These skills include targeting, reconnaissance and profiling combined with a technical look at skills other career search books commonly miss.
  • Managing Information Security

    • 2nd Edition
    • John Vacca
    • English
    Managing Information Security offers focused coverage of how to protect mission critical systems, and how to deploy security management systems, IT security, ID management, intrusion detection and prevention systems, computer forensics, network forensics, firewalls, penetration testing, vulnerability assessment, and more. It offers in-depth coverage of the current technology and practice as it relates to information security management solutions. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors’ respective areas of expertise.
  • System Parameter Identification

    Information Criteria and Algorithms
    • 1st Edition
    • Badong Chen + 3 more
    • English
    Recently, criterion functions based on information theoretic measures (entropy, mutual information, information divergence) have attracted attention and become an emerging area of study in the signal processing and system identification domains. This book presents a systematic framework for system identification and information processing, investigating system identification from an information theory point of view. The book is divided into six chapters, which cover the information needed to understand the theory and application of system parameter identification. The authors’ research provides a base for the book, but it incorporates the results from the latest international research publications.
  • Risk Management Framework

    A Lab-Based Approach to Securing Information Systems
    • 1st Edition
    • James Broad
    • English
    The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a system's operation. Use of the RMF will help organizations maintain compliance with not only FISMA and OMB requirements but can also be tailored to meet other compliance requirements such as Payment Card Industry (PCI) or Sarbanes Oxley (SOX). With the publishing of NIST SP 800-37 in 2010 and the move of the Intelligence Community and Department of Defense to modified versions of this process, clear implementation guidance is needed to help individuals correctly implement this process. No other publication covers this topic in the detail provided in this book or provides hands-on exercises that will reinforce the topics. Examples in the book follow a fictitious organization through the RMF, allowing the reader to follow the development of proper compliance measures. Templates provided in the book allow readers to quickly implement the RMF in their organization. The need for this book continues to expand as government and non-governmental organizations build their security programs around the RMF. The companion website provides access to all of the documents, templates and examples needed to not only understand the RMF but also implement this process in the reader’s own organization.
  • Windows 2012 Server Network Security

    Securing Your Windows Network Systems and Infrastructure
    • 1st Edition
    • Derrick Rountree
    • English
    Windows 2012 Server Network Security provides the most in-depth guide to deploying and maintaining a secure Windows network. The book drills down into all the new features of Windows 2012 and provides practical, hands-on methods for securing your Windows systems networks, including: secure remote access; network vulnerabilities and mitigations; DHCP installations configuration; MAC filtering; DNS server security; WINS installation configuration; securing wired and wireless connections; Windows personal firewall; remote desktop services; Internet connection sharing; and network diagnostics and troubleshooting. Windows network security is of primary importance due to the sheer volume of data residing on Windows networks. Windows 2012 Server Network Security provides network administrators with the most focused and in-depth coverage of Windows network security threats along with methods and techniques for securing important mission-critical networks and assets. The book also covers Windows 8.
  • Applied Cyber Security and the Smart Grid

    Implementing Security Controls into the Modern Power Infrastructure
    • 1st Edition
    • Eric D. Knapp + 1 more
    • English
    Many people think of the Smart Grid as a power distribution group built on advanced smart metering—but that’s just one aspect of a much larger and more complex system. The "Smart Grid" requires new technologies throughout energy generation, transmission and distribution, and even the homes and businesses being served by the grid. This also represents new information paths between these new systems and services, all of which represents risk, requiring a more thorough approach to where and how cyber security controls are implemented. This insight provides a detailed architecture of the entire Smart Grid, with recommended cyber security measures for everything from the supply chain to the consumer.
  • Logging and Log Management

    The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management
    • 1st Edition
    • Kevin Schmidt + 2 more
    • English
    Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management introduces information technology professionals to the basic concepts of logging and log management. It provides tools and techniques to analyze log data and detect malicious activity. The book consists of 22 chapters that cover the basics of log data; log data sources; log storage technologies; a case study on how syslog-ng is deployed in a real environment for log collection; covert logging; planning and preparing for the analysis of log data; simple analysis techniques; and tools and techniques for reviewing logs for potential problems. The book also discusses statistical analysis; log data mining; visualizing log data; logging laws and logging mistakes; open source and commercial toolsets for log data collection and analysis; log management procedures; and attacks against logging systems. In addition, the book addresses logging for programmers; logging and compliance with regulations and policies; planning for log analysis system deployment; cloud logging; and the future of log standards, logging, and log analysis. This book was written for anyone interested in learning more about logging and log management. These include systems administrators, junior security engineers, application developers, and managers.
  • FISMA and the Risk Management Framework

    The New Practice of Federal Cyber Security
    • 1st Edition
    • Daniel R. Philpott + 1 more
    • English
    FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security deals with the Federal Information Security Management Act (FISMA), a law that provides the framework for securing information systems and managing risk associated with information resources in federal government agencies. Comprised of 17 chapters, the book explains the FISMA legislation and its provisions, strengths and limitations, as well as the expectations and obligations of federal agencies subject to FISMA. It also discusses the processes and activities necessary to implement effective information security management following the passage of FISMA, and it describes the National Institute of Standards and Technology's Risk Management Framework. The book looks at how information assurance, risk management, and information systems security is practiced in federal government agencies; the three primary documents that make up the security authorization package: system security plan, security assessment report, and plan of action and milestones; and federal information security-management requirements and initiatives not explicitly covered by FISMA. This book will be helpful to security officers, risk managers, system owners, IT managers, contractors, consultants, service providers, and others involved in securing, managing, or overseeing federal information systems, as well as the mission functions and business processes supported by those systems.
  • Client-Side Attacks and Defense

    • 1st Edition
    • Sean-Philip Oriyano + 1 more
    • English
    Client-Side Attacks and Defense offers background networks against its attackers. The book examines the forms of client-side attacks and discusses different kinds of attacks along with delivery methods including, but not limited to, browser exploitation, use of rich internet applications, and file format vulnerabilities. It also covers defenses, such as antivirus and anti-spyware, intrusion detection systems, and end-user education. The book explains how to secure Web browsers, such as Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera. It discusses advanced Web attacks and advanced defenses against them. Moreover, it explores attacks on messaging, Web applications, and mobiles. The book concludes with a discussion on security measures against client-side attacks, starting from the planning of security. This book will be of great value to penetration testers, security consultants, system and network administrators, and IT auditors.
  • Collaborative Enterprise Architecture

    Enriching EA with Lean, Agile, and Enterprise 2.0 practices
    • 1st Edition
    • Stefan Bente + 2 more
    • English
    Ever-changing business needs have prompted large companies to rethink their enterprise IT. Today, businesses must allow interaction with their customers, partners, and employees at more touch points and at a depth never thought previously. At the same time, rapid advances in information technologies, like business digitization, cloud computing, and Web 2.0, demand fundamental changes in the enterprises’ management practices. These changes have a drastic effect not only on IT and business, but also on policies, processes, and people. Many companies therefore embark on enterprise-wide transformation initiatives. The role of Enterprise Architecture (EA) is to architect and supervise this transformational journey. Unfortunately, today’s EA is often a ponderous and detached exercise, with most of the EA initiatives failing to create visible impact. The enterprises need an EA that is agile and responsive to business dynamics. Collaborative Enterprise Architecture provides the innovative solutions today’s enterprises require, informed by real-world experiences and experts’ insights. This book, in its first part, provides a systematic compendium of the current best practices in EA, analyzes current ways of doing EA, and identifies its constraints and shortcomings. In the second part, it leaves the beaten tracks of EA by introducing Lean, Agile, and Enterprise 2.0 concepts to the traditional EA methods. This blended approach to EA focuses on practical aspects, with recommendations derived from real-world experiences. A truly thought provoking and pragmatic guide to manage EA, Collaborative Enterprise Architecture effectively merges the long-term oriented top-down approach with pragmatic bottom-up thinking, and that way offers real solutions to businesses undergoing enterprise-wide change.
  • Penetration Tester's Open Source Toolkit

    • 3rd Edition
    • Jeremy Faircloth
    • English
    Penetration Tester’s Open Source Toolkit, Third Edition, discusses the open source tools available to penetration testers, the ways to use them, and the situations in which they apply. Great commercial penetration testing tools can be very expensive and sometimes hard to use or of questionable accuracy. This book helps solve both of these problems. The open source, no-cost penetration testing tools presented do a great job and can be modified by the student for each situation. This edition offers instruction on how and in which situations the penetration tester can best use them. Real-life scenarios support and expand upon explanations throughout. It also presents core technologies for each type of testing and the best tools for the job. The book consists of 10 chapters that cover a wide range of topics such as reconnaissance; scanning and enumeration; client-side attacks and human weaknesses; hacking database services; Web server and Web application testing; enterprise application testing; wireless penetration testing; and building penetration test labs. The chapters also include case studies where the tools that are discussed are applied. New to this edition: enterprise application testing, client-side attacks and updates on Metasploit and Backtrack. This book is for people who are interested in penetration testing or professionals engaged in penetration testing. Those working in the areas of database, network, system, or application administration, as well as architects, can gain insights into how penetration testers perform testing in their specific areas of expertise and learn what to expect from a penetration test. This book can also serve as a reference for security or audit professionals.
  • The Basics of Information Security

    Understanding the Fundamentals of InfoSec in Theory and Practice
    • 1st Edition
    • Jason Andress
    • English
    The Basics of Information Security provides fundamental knowledge of information security in both theoretical and practical aspects. This book is packed with key concepts of information security, such as confidentiality, integrity, and availability, as well as tips and additional resources for further advanced study. It also includes practical applications in the areas of operations, physical, network, operating system, and application security. Complete with exercises at the end of each chapter, this book is well-suited for classroom or instructional use. The book consists of 10 chapters covering such topics as identification and authentication; authorization and access control; auditing and accountability; cryptography; operations security; physical security; network security; operating system security; and application security. Useful implementations for each concept are demonstrated using real world examples. PowerPoint lecture slides are available for use in the classroom. This book is an ideal reference for security consultants, IT managers, students, and those new to the InfoSec field.
  • Cybercrime and Espionage

    An Analysis of Subversive Multi-Vector Threats
    • 1st Edition
    • Will Gragido + 1 more
    • English
    Cybercrime and Espionage provides a comprehensive analysis of the sophisticated patterns and subversive multi-vector threats (SMTs) associated with modern cybercrime, cyber terrorism, cyber warfare and cyber espionage. Whether the goal is to acquire and subsequently sell intellectual property from one organization to a competitor or the international black markets, to compromise financial data and systems, or undermine the security posture of a nation state by another nation state or sub-national entity, SMTs are real and growing at an alarming pace. This book contains a wealth of knowledge related to the realities seen in the execution of advanced attacks, their success from the perspective of exploitation and their presence within all industry. It will educate readers on the realities of advanced, next generation threats, which take form in a variety of ways. This book consists of 12 chapters covering a variety of topics such as the maturity of communications systems and the emergence of advanced web technology; how regulatory compliance has worsened the state of information security; the convergence of physical and logical security; asymmetric forms of gathering information; seven commonalities of SMTs; examples of compromise and presence of SMTs; next generation techniques and tools for avoidance and obfuscation; and next generation techniques and tools for detection, identification and analysis. This book will appeal to information and physical security professionals as well as those in the intelligence community and federal and municipal law enforcement, auditors, forensic analysts, and CIO/CSO/CISO.
  • Securing the Smart Grid

    Next Generation Power Grid Security
    • 1st Edition
    • Tony Flick + 1 more
    • English
    Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to better understand threats and attacks, and to prevent insecure deployments of smart grid technologies. A smart grid is a modernized electric grid that uses information and communications technology to be able to process information, such as the behaviors of suppliers and consumers. The book discusses different infrastructures in a smart grid, such as the automatic metering infrastructure (AMI). It also discusses the controls that consumers, device manufacturers, and utility companies can use to minimize the risk associated with the smart grid. It explains the smart grid components in detail so readers can understand how the confidentiality, integrity, and availability of these components can be secured or compromised. This book will be a valuable reference for readers who secure the networks of smart grid deployments, as well as consumers who use smart grid devices.
  • Ninja Hacking

    Unconventional Penetration Testing Tactics and Techniques
    • 1st Edition
    • Thomas Wilhelm + 1 more
    • English
    Ninja Hacking offers insight on how to conduct unorthodox attacks on computing networks, using disguise, espionage, stealth, and concealment. This book blends the ancient practices of Japanese ninjas, in particular the historical Ninjutsu techniques, with the present hacking methodologies. It looks at the methods used by malicious attackers in real-world situations and details unorthodox penetration testing techniques by getting inside the mind of a ninja. It also expands upon current penetration testing methodologies including new tactics for hardware and physical attacks. This book is organized into 17 chapters. The first two chapters incorporate the historical ninja into the modern hackers. The white-hat hackers are differentiated from the black-hat hackers. The function gaps between them are identified. The next chapters explore strategies and tactics using knowledge acquired from Sun Tzu's The Art of War applied to a ninja hacking project. The use of disguise, impersonation, and infiltration in hacking is then discussed. Other chapters cover stealth, entering methods, espionage using concealment devices, covert listening devices, intelligence gathering and interrogation, surveillance, and sabotage. The book concludes by presenting ways to hide the attack locations and activities. This book will be of great value not only to penetration testers and security professionals, but also to network and system administrators as well as hackers.
  • Introduction to Multimedia Systems

    • 1st Edition
    • Urbashi Mitra
    • English
  • Information Systems Transformation

    Architecture-Driven Modernization Case Studies
    • 1st Edition
    • William M. Ulrich + 1 more
    • English
    Every major enterprise has a significant installed base of existing software systems that reflect the tangled IT architectures that result from decades of patches and failed replacements. Most of these systems were designed to support business architectures that have changed dramatically. At best, these systems hinder agility and competitiveness and, at worst, can bring critical business functions to a halt. Architecture-Driven Modernization (ADM) restores the value of entrenched systems by capturing and retooling various aspects of existing application environments, allowing old infrastructures to deliver renewed value and align effectively with enterprise strategies and business architectures. Information Systems Transformation provides a practical guide to organizations seeking ways to understand and leverage existing systems as part of their information management strategies. It includes an introduction to ADM disciplines, tools, and standards as well as a series of scenarios outlining how ADM is applied to various initiatives. Drawing upon lessons learned from real modernization projects, it distills the theory and explains principles, processes, and best practices for every industry.
  • On the Development of China's Information Technology Industry

    • 1st Edition
    • Jiang Zemin
    • English
    In the early 1980’s, Jiang Zemin, then Minister of Electronics Ministry of China, assessed the IT industry as ‘the strategic high ground in international competition.’ He "perceived the discrepancy between China’s level and the world's advanced level was so great that we had to do our utmost to catch up." Since then through numerous articles and frequent speeches he has drawn up a detailed technological and policy roadmap for doing exactly that. This volume collects over 25 pieces written over more than 20 years. It demonstrates the former president of China’s authority and insight into the development of China’s IT industry since the introduction of reforms, and the cutting-edge issues experienced throughout the global IT industry. Jiang’s ambitious goal is the transformation of China into a leader in the global IT industry by 2020. This volume offers IT industry analysts, China watchers, policy makers and advisors, IT researchers, and investors a singular and authoritative view on how China should get there.
  • Research in Information Systems

    A Handbook for Research Supervisors and their Students
    • 1st Edition
    • David Avison + 1 more
    • English
    Research in Information Systems helps supervisors and their students get the most out of the PhD experience. It can be used as a basis of courses for supervisors and their research students. This book covers: the supervisor–student relationship; practical, social and academic issues; and different models for PhD programs, including US, UK, Latin and Scandinavian models. Many vignettes of personal experiences and reflections provide context for the material. The book is written by experts – leading international academics in the field of information systems. They all have had wide experience of research supervision over many years in many countries.
  • Past and Future of Information Systems

    • 1st Edition
    • Kim Viborg Andersen + 1 more
    • English
    Taking the recent discussions on the status of information systems as a discrete discipline as its starting point, The Past and Future of Information Systems draws together many of the pioneers of IS research, to give their own perspectives and insights to the debate. This reflective text looks back on the last 30 years of IS research, as well as glancing towards the future, ensuring that it will be of great interest to anyone working within the IS field.
  • Tru64 UNIX File System Administration Handbook

    • 1st Edition
    • Steven Hancock
    • English
    Tru64 UNIX File System Administration Handbook is a unique and authoritative book that will help systems administrators and other technical professionals understand and master perhaps the most critical part of Tru64 UNIX: the file system by which the operating system stores and manipulates all of the information that enables both it and other applications to function. File system administration thus is one of the most important, complex, and time-consuming tasks Tru64 system administrators must perform. If Tru64 UNIX is an automobile engine, then the file system is the microprocessor that keeps all of the engine components working together efficiently, and this book explains how to manage, tune, and troubleshoot this processor. Steve Hancock is an ideal author for this book. As a file systems support engineer within Compaq's Tru64 UNIX group, he trains and consults with systems administrators and engineers within large corporations who are designing, managing, and troubleshooting Tru64 UNIX file systems. Tru64 UNIX File Systems Administration Handbook covers all of the newest and advanced Tru64 UNIX features, including Compaq's TruCluster technology, which enables organizations to grow their systems by integrating many individual computers.
  • Fundamentals of Spatial Information Systems

    • 1st Edition
    • Robert Laurini + 1 more
    • English
    The study and application of spatial information systems have been developed primarily from the use of computers in the geosciences. These systems have the principal functions of capturing, storing, representing, manipulating, and displaying data in 2-D and 3-D worlds. This book approaches its subject from the perspectives of informatics and geography, presenting methods of conceptual modeling developed in computer science that provide valuable aids for resolving spatial problems. This book is an essential textbook for both students and practitioners. It is indispensable for academic geographers, computer scientists, and the GIS professional.
  • Dictionary of Information Science and Technology

    • 1st Edition
    • Carolyn Watters
    • English
    Information science is the study of information phenomena, including the acquisition, storage, and manipulation of data, information, and knowledge. It is by nature an interdisciplinary field. Researchers, managers, system users, and students need access to tools, terms, and techniques that are spread out over a large literature in a number of different disciplines: information retrieval, database management, office information systems, information technology, communication and networking, relevant computer hardware, and artificial intelligence. This work facilitates the cross-use of terms from the various contributing sub-areas of information science. With definitions of one-thousand terms, in alphabetical order, the volume provides a unified, integrated, and concise guide to the field. Each term is annotated by one or more references to the literature. Where possible, the first reference directs the user to a basic or seminal discussion of the term and subsequent references show its usage in an information science-related application. This work will be an indispensable reference for students, researchers, and professionals.
  • Organizing Information

    Principles of Data Base and Retrieval Systems
    • 1st Edition
    • Dagobert Soergel
    • English
    This book gives a theoretical base and a perspective for the analysis, design, and operation of information systems, particularly their information storage and retrieval (ISAR) component, whether mechanized or manual. Information systems deal with many types of entities: events, persons, documents, business transactions, museum objects, research projects, and technical parts, to name a few. Among the purposes they serve are to inform the public, to support managers, researchers, and engineers, and to provide a knowledge base for an artificial intelligence program. The principles discussed in this book apply to all these contexts. The book achieves this generality by drawing on ideas from two conceptually overlapping areas—data base management and the organization and use of knowledge in libraries—and by integrating these ideas into a coherent framework. The principles discussed apply to the design of new systems and, more importantly, to the analysis of existing systems in order to exploit their capabilities better, to circumvent their shortcomings, and to introduce modifications where feasible.